Question 1

A manufacturing company is assessing risks in its supply chain. What is the importance of the risk manager understanding the company's supply chain processes?

Options :

A : So the risk manager can take over the supply chain management role.

B : It is not important as long as the company has insurance for supply chain disruptions.

C : To identify and manage risks related to supplier reliability, logistics, and external dependencies.

D : Understanding supply chain processes is solely the responsibility of the procurement department.

Answer: C

Question 2

A government agency is adopting EBIOS to assess and manage risks related to a new public service application. The team is in the fifth workshop of EBIOS. What should be the focus of this workshop, and how does it contribute to the ongoing risk management of the public service application?

Options :

A : Developing a one-time risk mitigation strategy that addresses all identified risks.

B : Outsourcing risk mitigation to a third-party service provider without internal analysis.

C : Focusing solely on technological solutions to mitigate risks.

D : Creating and implementing risk mitigation plans that address the specific risks identified, including prioritizing actions and monitoring the effectiveness of these plans.

Answer: D

Question 3

A healthcare organization wants to assess the effectiveness of its controls for protecting patient data. Which method would be most appropriate for identifying these controls?

Options :

A : Monitoring the physical security of data storage facilities.

B : Analyzing patient satisfaction survey results.

C : Conducting a gap analysis against health data protection regulations.

D : Reviewing IT system logs for unusual activities.

Answer: C

Question 4

An online retail company is assessing the risk of unauthorized access to customer credit card information. They are evaluating the implementation of end-to-end encryption for all transactions, regularly updating their payment systems, conducting penetration testing, or outsourcing payment processing to a PCI DSS compliant third-party. Which option most effectively reduces the risk level of unauthorized access to customer information?

Options :

A : Implementing end-to-end encryption for all transactions.

B : Outsourcing payment processing to a PCI DSS compliant third-party.

C : Regularly updating their payment systems.

D : Conducting penetration testing.

Answer: A

Question 5

An e-commerce company is establishing risk acceptance criteria. What is an important factor to consider when defining these criteria?

Options :

A : Copying risk acceptance criteria from a different industry without modification.

B : Defining criteria based on the company-s risk appetite and the potential impact on its online business operations.

C : Setting criteria that accept all risks to expedite the decision-making process.

D : Basing criteria solely on the personal preferences of the risk manager.

Answer: B

Higher Test Marks with Free Online ISO-27005-LRM Exam Practice

Buying Options: